Computer security is fast becoming an important issue. With the proliferation of computers and computer networks into all aspects of business and daily life—financial, medical, education, government, and communications—the concern over secure file access is growing. Various approaches exist for securing access to buildings, computers, confined areas, and so forth.
It is well known to those skilled in the art that a security access system that provides substantially secure access and does not require a password or access code is a biometric identification system. Due to its inherent nature, biometric data has the advantage of always being available for user identification and verification. Fingerprint sensing and matching is a reliable technique for personal identification and/or verification.
Biometric-oriented personal identification techniques are becoming increasingly important in protecting personal property, as for example laptops or cellular phones, in preventing credit card and calling card fraud, in limiting access to security areas, computers and information, and in ensuring security for electronic commerce. Typically, a biometric identification system accepts unique biometric information from a user and identifies the individual by matching the information against information belonging to registered individuals of the system.
These techniques have the advantage that they move with the individual and are theoretically capable of great accuracy. Of all presently used biometric identification techniques, fingerprints are perhaps the most appealing. Fingerprints have been accepted for 75 years as a legal means for verifying identity “beyond all reasonable doubt”, and acquiring a fingerprint requires little specific behavior by the user. Considerable research has gone into the task of extracting fingerprint features and performing database comparisons. Existing technology allows the relevant features of a fingerprint to be represented in a few hundred bytes of data, with recognition in less than 1 second, and with low false acceptance and false rejection rates of about 0.01%. The fingerprint is probably the most widely used and researched biometric identification technique. Furthermore, the computer hardware required for recording and comparing fingerprint data can be centralized and accessed through a telecommunications network thereby allowing costs to be amortized across many transactions. A variety of systems and methods are currently used to protect information and property from unauthorized access or interference.
Accurate and cost effective verification of personal identity is becoming increasingly important. However, all the methods proposed for electronic identification of individuals suffer a similar problem, which is to ensure that the token used is in the possession of its rightful owner.
An approach is proposed in U.S. Pat. No. 5,991,408 to Pearson et al. who disclose a system wherein a security key is created from one or more biometric elements of a user. In the case of a fingerprint, a user presses a finger on a sensor pad, which inputs a representation of the fingerprint into a computer system. The representation of the fingerprint is used to construct an instance of a problem which has data derived from the fingerprint as its solution. The instance of the problem is associated with the identity of the user. A code or feature can be inserted into the instance of the problem in order to serve as proof that the instance of the problem was generated in a secure fashion by a secure system or that it is otherwise reliable and uncorrupted. Further, a cryptographic key can be generated from the user's fingerprint and used to encrypt information.
One problem associated with remote fingerprint sensors concerns transmission of information used for verification. Therefore, it is often desirable to store or transmit information in an encrypted format so that even if the information falls into the hands of an unauthorized user, it cannot be accessed without the cryptographic key. A limitation of such an approach regards the costs associated with a reconfiguration of the fingerprint sensors. For example, in the case of swipe imaging devices such reconfiguration infers incorporating a chip including a processor having encrypting capacities compatible with such a requirement, adding further silicon layer to the sensor, increasing wiring, and so forth. This represents an expensive and a massive operation to upgrade security on all existing sensor devices. Even while encryption allows sensitive information to be securely transmitted or stored in publicly accessible areas, a cryptographic key can be lost, stolen, or given away then unauthorized users may have access to the encrypted information, which renders the whole security system obsolete.
Whereas the fingerprint is unique and cannot be easily duplicated, such is not the case for the electronic representation of the fingerprint. Knowledgeable individuals with incentive to gain access to a system can record such an electronic representation for use at a later time. Further, the signal providing access may be recorded for later use thus circumventing a security system.
Therefore, in view of the above-mentioned and other limitations of the prior art, there is a need of a system for preventing playing back a fingerprint to fraudulently gain access to a protected area by being falsely authorized by a host processor. A non-expensive system is of course a major advantage of the present invention.